Mega:24.09
iptables
Changes of Revision 2
_service:tar_scm:iptables.spec
Changed
@@ -2,7 +2,7 @@ %global legacy_actions %{_libexecdir}/initscripts/legacy-actions Name: iptables Version: 1.8.9 -Release: 4 +Release: 5 Summary: IP packet filter administration utilities License: GPL-2.0-only and Artistic-2.0 URL: https://www.netfilter.org/ @@ -26,6 +26,8 @@ Patch10: backport-Fix-for-non-CIDR-compatible-hostmasks.patch Patch11: backport-Prevent-XTOPT_PUT-with-XTTYPE_HOSTMASK.patch Patch12: backport-libiptc-Fix-for-another-segfault-due-to-chain-index-NULL-pointer.patch +Patch13: backport-libxtables-Fix-memleak-of-matches-udata.patch +Patch14: backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch BuildRequires: bison flex gcc kernel-headers libpcap-devel libselinux-devel systemd @@ -343,6 +345,13 @@ %{_datadir}/xtables/iptables.xslt %changelog +* Tue Jun 25 2024 liweigang <liweiganga@uniontech.com> - 1.8.9-5 +- Type: bugfix +- ID: NA +- SUG: NA +- DESC: libxtables: Fix memleak of matches' udata + xshared: Fix parsing of empty string arg in '-c' option + * Fri Jun 14 2024 xinghe <xinghe2@h-partners.com> - 1.8.9-4 - Type:bugfix - ID:NA
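Review bot: In the %changelog hunk, the new 1.8.9-5 entry writes "- Type: bugfix" / "- ID: NA" with a space after the colon, while the 1.8.9-4 entry directly below uses "- Type:bugfix" / "- ID:NA"; use one form so tooling that parses these fields sees a consistent layout. The entry also records "ID: NA" although the xshared backport added as Patch14 carries a "Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741" trailer, so the upstream bug reference could be recorded here. Giving each of the two DESC items its own "- " line would also keep the second fix from reading as a continuation of the first.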
_service:tar_scm:backport-libxtables-Fix-memleak-of-matches-udata.patch
Added
@@ -0,0 +1,34 @@ +From e7366db80740d34d2fe4ba8d12ef86a423e66280 Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Wed, 31 Jan 2024 14:58:17 +0100 +Subject: PATCH libxtables: Fix memleak of matches' udata + +If the extension specifies a non-zero udata_size, field 'udata' points +to an allocated buffer which needs to be freed upon extension deinit. + +Interestingly, this bug was identified by ASAN and missed by valgrind. + +Fixes: 2dba676b68ef8 ("extensions: support for per-extension instance "global" variable space") +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + libxtables/xtables.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libxtables/xtables.c b/libxtables/xtables.c +index b4339e8d..856bfae8 100644 +--- a/libxtables/xtables.c ++++ b/libxtables/xtables.c +@@ -1420,6 +1420,10 @@ void xtables_rule_matches_free(struct xtables_rule_match **matches) + free(matchp->match->m); + matchp->match->m = NULL; + } ++ if (matchp->match->udata_size) { ++ free(matchp->match->udata); ++ matchp->match->udata = NULL; ++ } + if (matchp->match == matchp->match->next) { + free(matchp->match); + matchp->match = NULL; +-- +2.43.4 +
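Review bot: In the xtables_rule_matches_free() hunk, the new free() is gated on matchp->match->udata_size rather than on the pointer, so it is correct only while udata is allocated exactly when udata_size is non-zero, which is what the commit message asserts but the hunk does not show. If udata is guaranteed NULL whenever udata_size is zero, the condition can be dropped, since free(NULL) is a no-op; otherwise a one-line comment stating the invariant would help the next reader. Keeping "matchp->match->udata = NULL;" is right: the surrounding context frees matchp->match only when matchp->match == matchp->match->next, so in the other case the struct outlives this call and a stale pointer would invite a double free. The commit message notes ASAN caught this and valgrind did not, so it would be worth stating in the backport which of the two the package's own test run uses.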
_service:tar_scm:backport-xshared-Fix-parsing-of-empty-string-arg-in-c-option.patch
Added
@@ -0,0 +1,50 @@ +From a2911408959d7e86bc4bad4f1be2551a19ad125c Mon Sep 17 00:00:00 2001 +From: Phil Sutter <phil@nwl.cc> +Date: Tue, 9 Apr 2024 13:18:12 +0200 +Subject: PATCH xshared: Fix parsing of empty string arg in '-c' option + +Calling iptables with '-c ""' resulted in a call to strchr() with an +invalid pointer as 'optarg + 1' points to past the buffer. The most +simple fix is to drop the offset: The global optstring part specifies a +single colon after 'c', so getopt() enforces a valid pointer in optarg. +If it contains a comma at first position, packet counter value parsing +will fail so all cases are covered. + +Reported-by: gorbanev.es@gmail.com +Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1741 +Fixes: 60a6073690a45 ("Make --set-counters (-c) accept comma separated counters") +Signed-off-by: Phil Sutter <phil@nwl.cc> +--- + extensions/iptables.t | 5 +++++ + iptables/xshared.c | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/extensions/iptables.t b/extensions/iptables.t +index b4b6d677..5d6d3d15 100644 +--- a/extensions/iptables.t ++++ b/extensions/iptables.t +@@ -4,3 +4,8 @@ + -i eth+ -o alongifacename+;=;OK + ! -i eth0;=;OK + ! -o eth+;=;OK ++-c "";;FAIL ++-c ,3;;FAIL ++-c 3,;;FAIL ++-c ,;;FAIL ++-c 2,3 -j ACCEPT;-j ACCEPT;OK +diff --git a/iptables/xshared.c b/iptables/xshared.c +index b998dd75..b1997ea3 100644 +--- a/iptables/xshared.c ++++ b/iptables/xshared.c +@@ -1755,7 +1755,7 @@ void do_parse(int argc, char *argv, + set_option(&cs->options, OPT_COUNTERS, &args->invflags, + invert); + args->pcnt = optarg; +- args->bcnt = strchr(args->pcnt + 1, ','); ++ args->bcnt = strchr(args->pcnt, ','); + if (args->bcnt) + args->bcnt++; + if (!args->bcnt && xs_has_arg(argc, argv)) +-- +2.43.4 +
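Review bot: In the iptables/xshared.c hunk, rejection of a leading comma now depends entirely on later packet counter parsing failing, as the commit message says, but nothing at the changed strchr() line records that; with "-c ,3" args->pcnt is left pointing at ",3" and args->bcnt at "3". A short comment there would keep a later refactor of the counter parsing from silently accepting that input. The new extensions/iptables.t cases cover only the comma-separated form; the "!args->bcnt && xs_has_arg(argc, argv)" branch immediately after the changed line (byte counter passed as a separate argument) gets no case with an empty first argument, and that path also starts from the same optarg. The fix also rests on getopt() always supplying a non-NULL optarg for 'c'; that holds only while the optstring keeps a single colon after 'c', which is defined outside this hunk.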
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/iptables.git</param> - <param name="revision">master</param> + <param name="revision">openEuler-24.09</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
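Review bot: In the _service hunk, the "revision" parameter moves from one branch name (master) to another (openEuler-24.09), so the source that tar_scm fetches still changes whenever that branch moves, and the same revision of this package can build different content over time. If reproducible rebuilds of this revision matter, pin "revision" to a tag or commit id instead of a branch name.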